Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2026-47999
4.8MEDIUM
Key Information:
- Vendor
Adobe
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-47999?
Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that enables attackers with high privileges to inject harmful scripts into vulnerable form fields. When users interact with these compromised fields, malicious JavaScript can execute in their browsers, potentially leading to unauthorized actions or exposure of sensitive information. This vulnerability underscores the importance of securing web applications to maintain user safety and data integrity.
Affected Version(s)
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18